Arbor Data Sheet
Peakflow® Threat Management System
Advanced threat analysis, surgical mitigation and service enablement
Key Features and Benefits
Surgical Mitigation
Automatically remove only the attack
traffic without interrupting the flow
of non-attack business traffic.
Unified Command and Control
of Eight Tbps of Mitigation
Scale DDoS defenses to an unprecedented level. Deploy up to eight terabits
of aggregate, centrally-managed
mitigation capacity per deployment.
Managed Services Enabler
Meet rapidly growing demand for
DDoS protection services. Use the
Peakflow Threat Management System
to deliver profitable in-cloud DDoS
protection services.
Comprehensive Suite of Attack
Countermeasures
Protect your infrastructure and/or your
customers from the largest and most
complex volumetric, TCP-state exhaustion
and application-layer DDoS attacks.
Flexible Deployment
Deploy application-layer intelligence,
threat detection and surgical mitigation
in different portions of your network for
infrastructure protection and more profitable managed DDoS protection services.
Internet Service Providers (ISPs), cloud providers and enterprises face a common
problem. Distributed Denial of Service (DDoS) attacks are a major risk to service availability. The power, sophistication and frequency of DDoS attacks are rising. Data center
operators and network providers need a defense that is effective, cost-efficient and easily
managed. Arbor’s Peakflow Threat Management System is the acknowledged leader in
DDoS protection. More service providers, cloud providers and large enterprises use the
Peakflow Threat Management System for DDoS mitigation than any other solution.
Peakflow Solution for DDoS Protection
The Peakflow solution integrates network-wide intelligence and anomaly detection with
carrier-class threat management to help identify and stop network and application-layer
DDoS attacks.
Peakflow Threat Management System network appliances provide the vital, traffic-scrubbing component of the Peakflow solution. The Peakflow Threat Management
System can be deployed inline to provide “always on” protection. Unlike other products, it
also supports a mitigation architecture called “diversion/reinjection.” In this mode, only the
traffic stream carrying the DDoS attack is redirected to the Peakflow Threat Management
System through routing updates issued by the Peakflow solution. The Peakflow Threat
Management System removes only the malicious traffic from that stream and forwards
the legitimate traffic to its intended destination.
This is highly advantageous for service providers, large enterprises and large hosting/
cloud providers. It enables a single, centrally located Peakflow Threat Management System
to protect multiple links and multiple data centers. It results in much more efficient use of
mitigation and fully non-intrusive security. Inline devices must inspect all traffic all the time
on the links they monitor. The Peakflow Threat Management System only needs to inspect
traffic that is redirected to it in response to an attack on a specific target.
Embedded Router Option for Optimal
Network Edge DDoS Protection
Block DDoS attacks within your Cisco
Aggregated Services Router (ASR)
9000 router wherever your ASR 9000
is deployed, whether it is at the network
edge, peering edge, data center edge,
mobile edge or even the core.
[Figure: Comprehensive threat detection and surgical mitigation. Labels: Cisco ASR 9000 vDDoS Protection; Peakflow Collector Platform or Traffic and Routing Role; Peakflow Threat Management System; Customer/Data Center. Legend: Attack Traffic, Non-Attack Traffic.]
Multiple Methods of Threat
Detection and Mitigation
Block known malicious hosts by
using white and black lists. The white
list contains authorized hosts, while
the black list contains zombies or
compromised hosts whose traffic
will be blocked.
Block application-layer exploits
by using complex filters. The Peakflow
Threat Management System provides
payload visibility and filtering to better
ensure cloaked attacks cannot bring
down critical services.
Defend against Web-based threats
by detecting and mitigating HTTP-specific attacks. These mechanisms
also help with managing flash-crowd
scenarios.
Protect critical DNS services from
cache poisoning, resource exhaustion
and amplification attacks. Add greater
visibility into DNS services.
Protect VoIP services from automated scripts or botnets that exploit
packet-per-second and malformed
request floods by employing VoIP/
SIP-specific attack detection and
mitigation capabilities.
Comprehensive Threat Detection
Data centers and public networks present multiple targets for DDoS attacks. These
targets include infrastructure devices (e.g., routers, switches and load balancers),
Domain Name Systems (DNS), bandwidth capacity and key applications such as Web,
eCommerce, voice and video. Even security devices such as firewalls are targets of
attack. The Peakflow solution provides the most comprehensive and adaptive suite
of threat detection capabilities in the industry, designed to protect diverse resources
from complex, blended attacks. These capabilities include statistical anomaly detection,
protocol anomaly detection, fingerprint matching and profiled anomaly detection.
Peakflow continually learns and adapts in real-time, alerting operators to attacks,
as well as to unusual changes in demand and service levels.
Surgical Mitigation in Under 30 Seconds
Key to effective mitigation is the ability to identify and block attack traffic while allowing
non-attack traffic to flow through to its intended destination. Large-scale DDoS attacks
affect not only the intended victim, but also other unfortunate customers who may
be using the same shared network service. To reduce this collateral damage, service
providers and hosting providers often shut down all traffic destined for the victim’s site,
thus completing the DDoS attack. Whether it’s a high-volume flood attack designed to
exhaust bandwidth capacity or a targeted attack looking to bring down a Web site, in
some cases, the Peakflow Threat Management System can isolate and remove the
attack traffic, without affecting other users, in less than 30 seconds. Methods include
identifying and black-listing malicious hosts, IP location-based mitigation, protocol anomaly-based filtering, malformed packet removal and rate limiting (to gracefully manage
non-malicious demand spikes). Mitigations can be automated or operator-initiated and
countermeasures can be combined to address blended attacks.
Stop large reflection/amplification
attacks such as NTP, DNS, SNMP
or Chargen by leveraging up to 80
Gbps of attack mitigation in a single
TMS chassis.
Expose and stop attacks hidden
in SSL packets via an optional
Peakflow Threat Management System
2300 Hardware Security Module
(HSM), which can decrypt SSL
packets, inspect and drop attack
traffic and re-encrypt and drop
non-attack traffic back on wire.
[Figure: Real-time alerting and mitigation dashboard]
ATLAS Intelligence Feed
Leveraging a global network of
traffic monitoring and sensors, Arbor
researchers have developed ATLAS
Intelligence Feed, a library of targeted
defenses providing automatic protection
from the vast majority of botnet-based
attacks. ATLAS Intelligence Feed
automatically updates the Peakflow
Threat Management System with new
protections as Arbor researchers find
and neutralize emerging threats.
Real-Time Mitigation Dashboard
The Peakflow Threat Management System real-time mitigation dashboard is a single
screen that shows operators exactly what is generating a DDoS alert and what effect
the countermeasures are having on the attack. It provides the ability to modify countermeasures and delivers full packet capture and decode to get a detailed view of both
normal and attack packet streams. This information is stored for future reference and
management reporting—giving operators and managers full visibility and reporting into
attacks on their business operations.
Flexible Deployment, Rapid Enablement
Configuration templates and out-of-the-box mitigation enable operators to implement
effective DDoS defense from day one. The Peakflow Threat Management System
automatically learns normal traffic patterns and adjusts over time, eliminating the need
to manually configure and update alert thresholds. Operators also have the option to set
thresholds and manually initiate mitigations. In short, the Peakflow Threat Management
System allows operators to choose how much they wish to automate and how much
they wish to control manually.
Comprehensive Management and Reporting
The Peakflow Threat Management System simplifies and streamlines operations
by providing the ability to view and manage up to eight terabits of mitigation capacity
from a single point of control. This provides the ability to thwart multiple, large-scale
attacks and produce comprehensive reports that summarize the mitigation process
for customers and/or management.
A Platform for Managed DDoS Services
Arbor’s Peakflow solution enables service providers and hosting/cloud providers to
deliver DDoS protection services to their customers. Customized portal access, APIs
and delegated management give managed service providers the flexibility and control
to tailor services to fit their customers’ needs. Peakflow is the undisputed leader for
managed DDoS protection. It is the solution of choice for the vast majority of leading
DDoS managed services.
Peakflow Threat Management System 2300 Specifications
Throughput and Mitigation (easily upgraded in-place via license key):
• 2301: 1.5 Gbps, 3.5 Mpps
• 2302: 2.5 Gbps, 5 Mpps
• 2305: 5 Gbps, 7 Mpps
• 2310: 10 Gbps, 10 Mpps
Power Requirements: Redundant Dual Power Supplies; AC: 100-127V/200-240V, 50 to 60 Hz, 6/3A; DC: -48 to -72V, 13A max
Dimensions:
• Chassis: 2U rack height
• Weight: 39 lbs (17.7 kg)
• Height: 3.45 inches (8.76 cm)
• Width: 17.14 inches (43.53cm)
• Depth: 20 inches (50.8cm)
Network Interfaces: 12 x 1 GigE (SFP for copper, GigE SX, or GigE LX) or 6 x 10 GigE (SFP+ for SR or LR)
Storage: Dual RAID 1 SSD Drives
Environmental: Operating temperature: 41° to 104°F (5° to 40°C); Relative humidity (operating): 5 to 85%, (non-operating) 95% at 73° to 104°F (23° to 40°C)
Regulatory: RoHS 2002/95/EC, IEC/EN/UL 60950-1 2nd ed., E2006/95/EC, 2001/95/EC, FCC Part 15 Subpart B Class A, EN 55022, EN 55024, EN 61000-3-2, EN 61000-3-3, EN 61000-4-2, EN 61000-4-3, EN 61000-4-4, EN 61000-4-5, EN 61000-4-6, EN 61000-4-8, EN 61000-4-11, IC ICES-003 Class A, ETSI EN 300 386, ETS 300-019-2-1, ETS 300-019-2-2, ETS 300-019-2-3, ETS 753, CISPR 22 Class A, CISPR 24, Gost, BSMI, VCCI Class A, KCC Class A, UL Mark, CE Mark, ETSI, NEBS-3 (DC), NEBS-1 (AC)
Hardware Bypass: External
SSL Decryption/Re-encryption: Via optional Hardware Security Module (HSM), TMS2300 can decrypt SSL packets and mitigate attacks (2301 & 2302 up to 750 Mbps and 2305 and 2310 up to 5 Gbps); Supported SSL: SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2; Supported FIPS cipher suites: RSA_WITH_AES_128_SHA, RSA_WITH_AES_256_SHA, RSA_WITH_AES_256_SHA256, SSL3_CK_RSA_DES_192_CBC3_SHA; Supported non-FIPS cipher suites: SSL3_CK_RSA_RC4_128_SHA, SSL3_CK_RSA_RC4_128_MD5, SSL3_CK_RSA_DES_64_CBC_SHA
Tenth Annual Worldwide
Infrastructure Security Report
Arbor Networks’ tenth annual
Worldwide Infrastructure Security
Report covers a 12-month period
from November, 2013 through
October, 2014. For the report,
Arbor collected 287 responses from
a mix of Tier 1 and Tier 2/3 service
providers, hosting, mobile, enterprise
and other types of network operators
from around the world. It was
designed to collect the experiences,
observations and concerns of the
operational security community. As in
previous years, the survey addressed
topics such as threats against infrastructure and customers, techniques
employed to protect infrastructure and
mechanisms used to manage, detect
and respond to security incidents.
Looking back on ten years of
DDoS Reporting:
• Mostly a nuisance and nothing
more than an independent event
a decade ago, distributed denial-of-service (DDoS) is now a very serious
threat to business continuity and
the bottom-line. DDoS attacks today
are now components of complex,
often long-standing advanced
threat campaigns.
• Application-layer attacks were
experienced by 90 percent of
respondents in 2014. Ten years
ago, 90 percent of respondents cited
simple “brute force” flood attacks
as the most common attack vector.
• The human element continues to be
a factor in defensive capabilities—not
just today, but throughout the last
ten years of WISR reporting. Just in
the past year alone, 54 percent of
respondents reported difficulty hiring
and retaining skilled personnel within
their security organizations.
• The largest DDoS attack reported in
2014 was 400 Gbps; ten years ago
the largest reported attack was a
mere 8 Gbps.
To download the latest report, go to:
www.arbornetworks.com/report
Peakflow Threat Management System 4000 Specifications
4000 (1 APM-E): Up to 10 Gbps, 10 Mpps
4000 (2 APM-E): Up to 20 Gbps, 20 Mpps
4000 (3 APM-E): Up to 30 Gbps, 30 Mpps
4000 (4 APM-E): Up to 40 Gbps, 40 Mpps
Mitigation: Up to 80 Gbps, 80 Mpps
Power Requirements: Redundant Power Supplies: 3 AC, 2 DC; AC: 100-240V, 50 to 60Hz; DC: -48 to -72V
Dimensions:
• Chassis: 6U rack height
• Weight: 78lbs (35.4kg), plus 6lbs (2.7kg) per APM-E
• Height: 10.5 inches (26.7 cm)
• Width: 17.63 inches (44.8 cm)
• Depth: 16.3 inches (41.4 cm)
Network Interfaces: 8 x 10 GigE (SFP+)
Storage: Dual RAID 1 Hard Drives
Environmental: Operating temperature: 23° to 104°F (-5° to 40°C), applies to all 4000 configs. Relative humidity (operating): 5 to 95%
Regulatory: RoHS 6/6, CSA, FCC Part 15 Subpart B Class A, ETSI EN 300 386, CE, CCC
Hardware Bypass: External
Cisco ASR 9000 vDDoS Protection Specifications
Powered by virtual network embedded Peakflow Threat Management System
Throughput: Up to 40 Gbps, 27 Mpps; Up to 20 Gbps, 27 Mpps; Up to 10 Gbps, 27 Mpps
Mitigation: Up to router port capabilities
Supported ASR Routers: 9904, 9006, 9010, 9912, 9922
Requisite Components:
• DDoS Attack Detection/Mitigation: Peakflow Solution (version 7.01+)
• Router: Cisco ASR 9000 Router (IOS-XR release 5.3.0+)
• Virtual Platform: Cisco Virtualized Services Module for the ASR 9000
• DDoS Solution: Cisco ASR 9000 vDDoS Protection Solution
Router Slots: 1 router slot per VSM, multiple VSMs per router
For more information visit: www.arbornetworks.com/asr9000, www.cisco.com/go/asr9000,
or contact your Cisco Sales Representative.
Peakflow Threat Management System DDoS Defense Specifications
All Models
Simultaneous Sessions: Not session limited
Deployment Modes: Inline Active, Inline Monitoring, SPAN port, Diversion/Reinjection
Block Actions: Source blocking/source suspend, per packet blocking, combination of source, header and rate based blocking
Attack Protections: Flood Attacks (TCP, UDP, ICMP, DNS, NTP Reflection/Amplification), Fragmentation Attacks (Teardrop, Targa3, Jolt2, Nestea), TCP Stack Attacks (SYN, FIN, RST, SYN ACK, URG-PSH, TCP Flags), Application Attacks (HTTP GET floods, SIP Invite floods, DNS attacks, HTTPS protocol attacks), DNS Cache Poisoning, Vulnerability attacks, Resource exhaustion attacks (Slowloris, Pyloris, LOIC, etc.). Flash crowd protection. IPv4 and IPv6 attacks hidden in SSL encrypted packets
DDoS Countermeasures: Blacklist/Whitelist, Geo Location reporting and blocking, Zombie blocking, packet content filtering, packet header filtering, Botnet removal (AIF feed), Malformed packet removal (TCP, UDP, DNS, DNSSEC, HTTP, HTTPS, SIP), multiple anti-spoofing countermeasures, blended attack protection, CDN/proxy aware countermeasures, rate limiting
Throughput
Peakflow Threat Management System 4000
10 Gbps, 10 Mpps – 80 Gbps, 80 Mpps
Cisco ASR 9000 vDDoS Protection
Up to 40 Gbps, 27 Mpps
Peakflow Threat Management System 2300
2301: 1.5 Gbps, 3.5 Mpps
2302: 2.5 Gbps, 5 Mpps
2305: 5 Gbps, 7 Mpps
2310: 10 Gbps, 10 Mpps
Easily upgrade a Peakflow Threat
Management System 2300 appliance
in-place with a license key upgrade.
Corporate Headquarters
76 Blanchard Road
Burlington, MA 01803 USA
Toll Free USA +1 866 212 7267
T +1 781 362 4300
North America Sales
Toll Free +1 855 773 9200
Europe
T +44 207 127 8147
Asia Pacific
T +65 68096226
www.arbornetworks.com
©2015 Arbor Networks, Inc. All rights
reserved. Arbor Networks, the Arbor Networks
logo, Peakflow, ArbOS, Pravail, Cloud Signaling,
Arbor Cloud, ATLAS, We see things others
can’t.™ and Arbor Networks. Smart. Available.
Secure. are all trademarks of Arbor Networks,
Inc. All other brands may be the trademarks
of their respective owners.
DS/TMS/EN/0315-LETTER